Martijn
Collaborator

Strip domain part from username in Endpoint Connect

Hello

One of our customers uses AD authentication when using remote access with Endpoint Connect. In the Endpoint Connect client, we are entering this AD username and password and this is working fine. The username is in the format: username.

But now, a second authentication step is needed with RADIUS and the RADIUS server requires the username to be in the pre-Windows 2000 format. So domain\username. We have configured the New Login Options feature within SmartConsole.

In this new setup, AD authentication works fine because the gateways recognize the username by the entered username. But the second authentication step fails because the RADIUS server expects domain\username but just receives username.

If we enter domain\username in the Endpoint Connect client we get an unknown user right away.

Can we strip the domain part of the username entered in Endpoint Connect so Check Point recognizes the user, but send the complete name (including the domain) to the RADIUS server? Has anyone ever done this before?

Thanks for any help.

Regards,
Martijn

0 Kudos
2 Replies
Chris_Atkinson
Employee

Out of interest, what is the RADIUS server, is it NPS or something else?

A lot of RADIUS servers support the concept of domain / realm stripping or normalisation for these types of scenarios.

0 Kudos
Martijn
Collaborator

Chris,

Customer uses SafeNet.

I also believe customer has several AD domains and several LDAP Account Unit objects and users are unique.
Maybe SafeNet needs the domain part to search the correct domain.

Regards,
Martijn

0 Kudos